05-26-2008 8:01 AM
Greetings.
Is there any way to control attributes of generated passwords? E.g. I want the generated passwords to have letters AND number but NOT special symbols.
I recognize the benefit of generated passwords, but special symbols are hard on the end-users. Please advise!
05-26-2008 8:50 AM
Hi Martin,
SAP notes 832661 and 915488 will be helpfull for you.
Cheers,
Julius
05-26-2008 8:50 AM
Hi Martin,
SAP notes 832661 and 915488 will be helpfull for you.
Cheers,
Julius
05-26-2008 10:30 AM
Thanks, Julius!
[Note 662466|https://service.sap.com/sap/support/notes/662466] was what I needed.
05-26-2008 10:33 PM
Hi Martinsh,
I understand that you have found your answer (obviously you use the search ), but wanted to add a comment:
The information note you mentioned is "older" than the correction notes which I mentioned. Now I don't know which release you are on, nor whether you were refering to standard password generation in SU01 or a development of your own to generate passwords for users, but SAP did not change the old way after that note, they added a new way.
The note you found your answer in is to my knowledge the "old way" of generating passwords. The "new way" is in my notes, there are more features now to generate backward compatable passwords (from higher to lower releases) and also check the generated password for compliance with the password structure policy which the user will later (potentially) have to comply with.
They might become suspect that that "your" initial password is not compliant with what they later have to change their password to.
This is in my opinion more insecure than not requesting special characters in the password policy, depending on which release you are on.
My understanding is that the "new way" has a tighter knit between the policy and the generator, but tolerance for compatability when used and compliance when used. Take a look at this thread () which might be interesting for you to take a closer look at, depending on your release.
Cheers,
Julius
05-27-2008 6:45 AM
Julius,
I was referring to standard passwords generated in SU01 or SU10. We're on release 6.20 of R/3 but are planning to upgrade to 7.00 soon, so both SAPnotes are relevant for me, just in a different time-frame.
If I'm reading the notes correctly (not too much experience with them), 662466 is for 6.10 or 6.20 and implements customizing parameters that lets me control generated passwords, and 915488 I have to keep in mind when we upgrade out system.
Eliminating specials from generated passwords (e.g. setting GEN_PSW_MAX_SPECIALS to '0') would appear to be in line with the system parameter login/min_password_specials which is set to '0' and thus there shouldn't be a conflict between the generated initial password and what the user is expected to change it to - in fact, it should make it more obvious.
Sorry, I sometimes ramble.
05-27-2008 12:23 PM
> Sorry, I sometimes ramble.
It's nice to have some company
Thanks for your contribution!